Events Related:
- Diutinus Defense Technologies Corp. – ddtek.biz
The site of the team managing the DEFCON CTF games.
- SecureTubeCon – securitytubecon.org
This conference will be held completely online!
Tools:
- Aircrack-ng v1.0 – aircrack-ng.org
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
- Bsqlbf v2.4 – code.google.com/p/bsqlbf-v2/
This now has the VALIDATE_REMOTE_RC() exploit which David Litchfield discussed in his paper.
- ScanEx Beta – blueinfy.com
This is a simple utility which runs against target sites and looks for external references and cross domain malicious injections.
- Burp v1.2.17 – portswigger.net
A few features of this new scanner are discussed.
Techniques:
- Tactical Meterpreter Scripting DEFCON 17 Presentation Video – darkoperator.com
One of the sessions in DEFCON on scripting for Meterpreter.
- Some Useful SQL Queries for Software Testers – msdn.com
A highlight of some frequently-used SQL queries.
Vulnerabilities:
- Microsoft has a new round of security advisories
For TCP/IP vulnerabilities and other security holes.
- September 2009 Security Bulletin Release – technet.com
- MS09-048: TCP/IP vulnerabilities – technet.com
- Assessing the risk of the September Critical security bulletins – technet.com
- SMB, Everything Old Is New Again – liquidmatrix.org
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
- CERT-FI Advisory on the Outpost24 TCP Issues – cert.fi
The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of TCP protocol (RFC793 et al.).
Vendor/Software Patches:
- Microsoft, Cisco Issue Patches for TCP DoS Flaw – threatpost.com
Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago.
Other News:
- Hacking firms one click ahead of law – theage.com.au
When Elaine Cioni found out her married boyfriend had other girlfriends she turned to YourHackerz.com.
- What Does DHS Know About You? – philosecurity.org
A document reveals that the DHS is storing credit card numbers, hotel information and other data from travel records.
- The funniest thing I’ve seen today – sophos.com
A guy is willing to pay up to $250 for Hotmail “password recovery.”
- Vast malware repository dedicated to testing and research – net-security.org
In MD:Pro, the malware downloads are accessible on a paid subscription basis.
- RBS WorldPay SQL Injection – liquidmatrix.org
RBS WorldPay, a system that processes millions of payments daily has been compromised.